Google Drive files can end up in ads, even though you still own them

Google Drive is here, and according to Google's terms, any files you upload …

The combination of Google's new storage service, Google Drive, and the company's recently unified terms of service and privacy policy, have riled the Internet into demanding to know why Google seemed to be claiming ownership of their customers' files. As it turns out, the company claims no ownership—it says so right in the terms of service, and a comparison between Google Drive's terms and that of other storage services turns up few material differences, except for a couple of questionable terms that may land your content in Google's promotional materials.

In a comparison piece, The Verge noted that the terms of service from four major cloud storage services—Dropbox, iCloud, Microsoft SkyDrive, and Google Drive—all claim no ownership of the files you give them. Several publishing outfits raised the alarm about a clause in Google's terms of service that states Google reserves the right to "use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute" content uploaded to their services. But as The Verge pointed out, other services have similarly expansive, and sometimes more expansive, terms, and those services mean only to use them in service of, well, the services.

When Ars spoke to the Electronic Frontier Foundation about Google Drive's terms of service, the EFF found little about them that was more suspicious than in any other similar cloud service. But Rebecca Jeschke, EFF's media relations director and digital rights analyst, paused over one phrase: "The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones." Promoting?

Google's unified privacy policy states that it won't use your material to do anything other than "provide, maintain, protect and improve [its services], [and] to develop new ones," and will ask for consent before lending your material to any other uses. But if a file is set as publicly available, that is considered consent for use to promote Google's services. If a user uploads a photo and sets it as publicly viewable, that picture could end up in an ad for Google.

The good news here is that Google isn't going to be strewing your personal files all over the Internet as banner ads, as the terms of service alone might suggest, provided the files have some privacy settings, as they do by default—viewable only to friends, for instance. But a public file on any of Google's services could, in theory, end up in promotional materials. It makes some sense that public content could be used by others, but it's easy to forget how public "Public" on an Internet service is. It gives us flashbacks to the family photo posted on a blog that wound up in a Czech ad.

Jeschke went on to point out that users should be more concerned with who Google might be forced to give their files to, than what Google itself might do with their files. "In light of Megaupload, it's possible that users are worried about the wrong thing," she said. Files stored in the cloud can still be easily lost or subpoenaed without the users' knowledge, Jeschke noted, an issue that's often overlooked.

But a public file on any of Google's services could, in theory, end up in promotional materials. It makes perfect sense that public content could be used freely by others,

Actually, in the US, at least, it doesn't. Making your files public (say, your photos) does not change the fact that you own the copyright to them. No one can just come use one (legally) without your permission, save as allowed under fair use.

Since Google unified it's policies some of the things the say make more sense in regards to some services than others. For instance when g I upload a video to YouTube I'm perfectly fine if Google use it to promote YouTube. I doubt Google think it's a good thing to use files people are placing in a personal web locker to promote their services. It's just stupid in my opinion and of they are, they should expect all the criticism and hell that people will raise about it.

Are there any recorded cases of terms like this being abused? The concept is intriguing, but how likely is it that they'd ever actually use these clauses?

There are existing cases where these kinds of terms have been used, but I'm only aware of it being in a different context. For instance, Apple routinely uses the icons of apps from the app store in promotional materials (the giant banners at WWDC, for instance) without asking the developers of those apps first, but presumably that doesn't cause a problem because most developers benefit from their stuff showing up in a place like that.

Jeschke went on to point out that users should be more concerned with who Google might be forced to give their files to, than what Google itself might do with their files. "In light of Megaupload, it's possible that users are worried about the wrong thing," she said. Files stored in the cloud can still be easily lost or subpoenaed without the users' knowledge, Jeschke noted, an issue that's often overlooked.

If only one of these companies' CEOs would be honest enough to say something like

Quote:

I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example, that we are all subject in the United States to the Patriot Act. It is possible that, that information could be made available to the authorities.

I'm sure if they were that frank about the reality of storing files on the web, the internet would in no way spin that as evidence that he hated personal privacy, and blogs everywhere would only react with happiness for a businessman being honest for once. And, like how our 24-hour news networks focusing on gaffes have in no way made politicians more generic out of fear of ever saying anything specific ever, I'm sure the internet's reaction would only encourage ever more honesty and frankness

Good article Casey. Kind of interesting that 'Public' images are essentially CC0 (I guess?). It would be cool if they made them explicitly labeled as such, so, like on flickr, it's very explicit that you're granting those rights.

But a public file on any of Google's services could, in theory, end up in promotional materials. It makes perfect sense that public content could be used freely by others,

Actually, in the US, at least, it doesn't. Making your files public (say, your photos) does not change the fact that you own the copyright to them. No one can just come use one (legally) without your permission, save as allowed under fair use.

Unless they have a clause in the user agreement....

Exactly. The problem here is not for a few family photos and snapshots, but for artists who produce works for a living and expect to get revue from them, but still have to display their wares in order to sell them.

A picture of someone's snotfaced kid in a ad? No biggie unless it's embarrassing when they get older. A professional photographer or graphic artist who normally charges stiff licensing fees? They had better look elsewhere for a hosting solution. Ideally they'd run their own servers, but artist-types are not generally well known for their tech savvy or the free funds to sink on a server and bandwidth.

The expectation of Privacy when putting anything on the web is suspect. This is preaching to the Choir, but this applies to these new storage services as well as megaupload and its type of service, and online backup companies like Carbonite. This most definitely applies to any social service like facebook.

At any time a police could get a warrant for that information or some hacker will get to it, or anyone. Regardless of it being Google, online is public. :-) Tin foil hats ready!

But a public file on any of Google's services could, in theory, end up in promotional materials. It makes perfect sense that public content could be used freely by others,

Actually, in the US, at least, it doesn't. Making your files public (say, your photos) does not change the fact that you own the copyright to them. No one can just come use one (legally) without your permission, save as allowed under fair use.

Unless they have a clause in the user agreement....

Good point, I lightened the phrasing there in the text.

MrMalthus wrote:

Good article Casey. Kind of interesting that 'Public' images are essentially CC0 (I guess?). It would be cool if they made them explicitly labeled as such, so, like on flickr, it's very explicit that you're granting those rights.

CC insofar as Google is the user; it doesn't open the rights up to just anyone. But thanks!

This just allows them to use the wording of the file, metadata, and presumably content to serve you ads, it does not free them up to take your file and use them IN the ads. Basically this is what the entire privacy policy says for all of good, Oh yeah we track you and use info from one site to serve you custom ads on another site.

BFD - Do you really really care? If you have 5000000 files names toothpaste and they send you lots of toothpaste ads, do you really care? Hell if you have that many toothpaste files, maybe you like to buy toothpaste.

But a public file on any of Google's services could, in theory, end up in promotional materials. It makes perfect sense that public content could be used freely by others,

Actually, in the US, at least, it doesn't. Making your files public (say, your photos) does not change the fact that you own the copyright to them. No one can just come use one (legally) without your permission, save as allowed under fair use.

This is a property issue. Allowing something to be viewed online does not in anyway, shape or form change the copyright invested in the creator of the work, be it Disney or Megan the 3rd grader's butterfly drawing. This goes for image files or video, addressing the Youtube example above,Go ahead and look but want to use it yourself, especially commercially? Then be prepared to pay for a license.

AKA encrypt any files you do not wanting Google to frakking know what they are. If there is an issue then have your company host the files on their own servers in its cloud, except you probably fired all your IT staff since the cloud was such a cheaper alternative already. Any idiot using a cloud service and not thinking it will at one time be open to the world needs a shot of reality.

First, Google (and the other cloud hosting providers) furnish a service that is for the most part free. You get what you pay for.

Second, people need to recognize cloud storage for what it is...a convenient way of storing working copies of files that have no intrinsic value. Since you don't have physical custody of the storage media, you need to accept the fact that something might happen to that data that you don't like. Don't put your bank account passwords or your kiddie p*rn collection or your only copy of your professional work in the cloud. Encryption is not a substitute for physically controlling access, and faith in Google/Dropbox/Skydrive/etc is not a substitute for a good backup strategy.

Google is getting a lot of heat about its Drive's terms and conditions at the moment...I will sit back and wait for Google to rewrite. If it doesn't, I won't use it. Google, what on earth were you thinking? Did an in-house lawyer run astray or were you cold and calculating about this?

This all sounds pretty harmless. If the default visibility is not public, and it has to be set to public to get used, then nobody who doesn't set a file to public will have an issue.

And if you set a file to public, seriously, you should expect the internet to slap it on a lunch box and try to make money off of it.

Did you read the dialog box? Any files you upload can be published to the web (by google) whatever setting you select.

You are reading this wrong...

Quote:

This means that a doc could be both Private and published to the web. In that case, only users to whom you've given permission would be able to view or edit the full original doc; however, anyone with the separate link to the published version of the doc would be able to view that published content.

It is saying even if a DOC is private you could publish that DOC to the web creating a unique URL that is public even though sharing is private - for example:

I create a Google Doc about cats and dogs, and I have it as private. No one can see this document it is 100% private to me. BUT from the doc itself I can publish it as a webpage, the visibility would still say "private" but would also be published publicly to the web.

I think this is an awesome service so long as you can find decent broadband for your uploads downloads tend to be 10 times faster so its not a worry once its in the cloud. I dont like the fact google wouldn't dare claim ownership of any files its users upload for very obvious reasons, Not to do with the dislike customers would have for the idea, but because of the ourageous litigation such a move would instigate from the shadow government of the usa the movie moguls.

How can you be promoting this Google Product?They take OWNERSHIP of your IP and your files on upload.This is ROBBERY.

Google have granted themselves the necessary rights to move your file around it's various services, it needs to implement these for the technical logistics behind the services, all cloud storage providers have similar terms.

It is clearly stated that the uploader retains rights.

Seems like people are afraid google will pull an Apple with it's iBooks Author EULA, why are we not more up in arm about what Apple has done as opposed to speculation with what Google could potentially do?

I'm wondering if by putting users documents into ads (which may include some documents that infringe copyright), could google put themselves at risk of losing their DMCA "safe harbor" protection?

My simplified understanding of the DMCA "safe harbor" provisions is that an Online Service Provider is only protected providing (amongst other things) that (a) don't receive a financial benefit directly attributable to the infringing activity and (b) not be aware of "red flags" that give them knowledge of infringing activity.

The fact that they're using documents in ads seems to bring them direct financial benefit..... of course they could develop logic to filter out infringing documents - but that then gives them knowledge that they must act on. ie. The OSP is protected providing they don't know about infringement.....

Rule of thumb: don't put anything in the cloud you wouldn't nail to a bulletin board in your local supermarket..

Rule of thumb should be more like: Don't put anything in the cloud period as once you do you lose positive control of it.

+100.This is why banks and many other organizations will never use cloud for anything serious. Too many secrets to hide. (My megacorporation has been unsuccessful in selling cloud services to such entities, as have been our competitors).

Of course they have the incentive to use any of your files to make more money - to sell information and to sell ads.

Apple, DropBox and Microsoft don't have this insidious incentive.

That's a remarkably naeive viewpoint coming from someone in this forum.

Even if it occurs to none of Google's competitors to be portals for advertisements today, it doesn't mean it won't occur to them tomorrow. Let us not forget that all of these entities are all American corporations operating in a pervasive culture that dictates that "it's great to screw over everyone but the stock holders".

There is a philosophy that you shouldn't post / upload /store in the cloud / share anything you don't want to be public knowledge. That may be reasonable advice, but I think it is a bad philosophy. First of all, it leads to victim blaming and to letting service providers off the hook. Maybe "anything that can be stolen from you, will be stolen from you" is the reality of the Internet today, but we as a society can do better. In the 'real world', I don't worry about people taking things off my desk at work when my back is turned, even though they easily could. I don't worry about people intercepting my snail mail and publishing it, though again, this wouldn't be that hard to do. Maybe I should be worried about these things (people do get burned every now and then) but it seems to very much less likely than being screwed by a bad privacy policy or legal procedure or confusing privacy setting online.

Second, what is the point of developing Internet technology that can't be used for anything important, for fear all of your secrets/IP will be stolen? If the cloud isn't safe enough for personal information, and it isn't safe enough for professional information, what the heck is it good for?

I don't know whether the answer is culture or legislation, but I don't think the answer is to simply withdraw from using Internet technology that could be personally and collectively beneficial.

OK, that was a rant, no one here is suggesting that outright. I just hate one attractive service after another being introduced on the Internet and then hearing the experts say they aren't good to use. (see: all social networking sites, all cloud storage sites, etc.)

What is the difference of using a cloud storage service than an email provider? Are you telling me you do not have ANY private emails in your hosted inbox?!

Give me a break people!

Cloud storage is exactly the same as your email host - both store emails and files (attachments), etc...

Maybe you should just not use the internet...

We're talking about the EULA here, not the technical specifications. EULA of Gmail says they can parse your emails to send you ads. EULA of GDrive says that if you make your data public, they can take it and use it for whatever they want. No GPL licensing for photos like flickr, no limited liability.

On a broader note, If I'm concerned about my data being made available, I don't email it. Gdrive (and competitors) are marketing themselves as a convenient place to store your data - in effect, telling you "store your data here, even the stuff you may not want public" - despite the fact that you've in effect lost all control of your data when you upload it and are trusting the provider to be both technically able to make it available as well as trusting them not to do things with it that you wouldn't approve of.

Maybe you shouldn't make broad comparisons when you don't understand the argument............

What is the difference of using a cloud storage service than an email provider? Are you telling me you do not have ANY private emails in your hosted inbox?!

Give me a break people!

Cloud storage is exactly the same as your email host - both store emails and files (attachments), etc...

Maybe you should just not use the internet...

We're talking about the EULA here, not the technical specifications. EULA of Gmail says they can parse your emails to send you ads. EULA of GDrive says that if you make your data public, they can take it and use it for whatever they want. No GPL licensing for photos like flickr, no limited liability.

On a broader note, If I'm concerned about my data being made available, I don't email it. Gdrive (and competitors) are marketing themselves as a convenient place to store your data - in effect, telling you "store your data here, even the stuff you may not want public" - despite the fact that you've in effect lost all control of your data when you upload it and are trusting the provider to be both technically able to make it available as well as trusting them not to do things with it that you wouldn't approve of.

Maybe you shouldn't make broad comparisons when you don't understand the argument............

Still not seeing the issue - you post something public and you give google rights to use it... Nobody else can use it.. they can not transfer rights... still do not understand what people are pissed about...